Verifying User Accounts

The account verification feature allows you to ascertain that each of your app's users has registered with a valid email address and that they actually own it. This is necessary if you want to reliably send email to your customers, including password reset instructions needed when the user has forgotten their password.

In Telerik Platform, immediately after a user registers in your application, their email address is marked as unverified. This is to reflect that the system does not know whether the specified email address is valid or owned by the person who signed up.

The account verification feature sends an automated email to the provided email address. It is expected to be replied to otherwise the verification is considered unsuccessful.

This is how account verification works in details:

A user registers in your app. The user account is automatically marked as unverified by setting IsVerified: false in the Users content type.

A verification code is generated and stored in the user object (the VerificationCode field).

An email containing a verification link is sent to the email address specified by the user (the Email field).

The user opens the email and clicks the link, then completes the verification on the web page that opens.

The web page uses the verification code supplied in the URL and makes a verification request to Telerik Platform.

If the request is successful (in other words the verification code matches the one in the database), the user is marked as verified.

Users from social or Active Directory Federation Services authentication providers are automatically marked as verified.

Although accounts are marked as unverified, Telerik Platform does not treat them differently than verified accounts. Unverified account holders are allowed to log in just like any
other user on the system.

It is up to you as a developer to handle unverified user accounts by checking the state of IsVerified field of the current user's account.

Normally, user accounts are marked as verified when the user clicks the link in the verification email. However, it is also possible to mark a user as verified using a request to the Users content type. This allows you to implement your own verification mechanisms.

You can choose between two ways to mark a user account as verified:

Using the automatically generated verification code, stored in VerificationCode. The VerificationCode user account field is returned only when reading the user using Master Key authentication. This prevents the user from reading their own verification code and completing the verification procedure with it.

Using master key authentication, in which case you don't need the verification code.

Keep the following in mind:

The verification code does not expire.

The IsVerified field is read-only. It cannot be set even if the user has UPDATE permissions. This prevents the user from marking their own account as verified.

This is how you mark a user account as verified using the verification code:

By default, the verification message that users receive links to a generic page on https://www.everlive.com that completes the verification procedure. You can easily edit the email template to change its appearance or completely alter the verification mechanism.

To edit the account verification template:

Log in to the Telerik Platform portal.

Click your app.

Navigate to Users > Automated Emails.

Select the VerifyAccountEmail table entry and then click Edit in the right-hand pane.

Make your changes. When finished, click Save.

You can access the verification code for a user in the template by adding the {{User.VerificationCode}} placeholder.

You may need to resend the verification email in the event of the user not receiving it. This may happen if the user mailbox is full, the mail server was temporary down, because of network connection problems, and so on.

You can resend the verification email either from the Telerik Platform portal or programmatically.

Sending the automated account verification email is optional and can be disabled. Even if it is enabled, you can choose to register a user without an email address. Such users are always marked as unverified and no verification emails are sent to them.

Even if you disable the automated verification emails, a verification code is always generated and written to the user account. This allows you to use the verification endpoints to implement your own account verification mechanism.

To disable the automated email verification:

Log in to the Telerik Platform portal.

Click your app.

Navigate to Users > Email Settings.

Clear the Send Confirmation emails to newly registered users in order to verify email addresses check-box.